Proving you're human online doesn't require a credit card

Elon Musk went viral last year with tweets suggesting that the future of social media is to pay for it, because otherwise, it’ll all just be bots. This problem of how to prove you're human and not a bot is only getting worse.

Musk is right: The bots are coming, and we do have to do something. But we have two more options besides the one he offers. Here’s the expanded list of our choices for proving our humanity in the age of ubiquitous AI:

1. Pay-to-play (i.e., the Musk option)
2. Web3’s large selection of existing proof-of-human offerings
3. Government-issued digital ID

I’m guessing we’ll end up with some combination of the above, but insofar as number 3 will be the most attractive option for many people, it’s yet another way in which AI is an inherently centralizing force. But as a decentralization maxi, the likelihood that we’ll end up where the government can digitally unperson me with a mouse click is concerning. If this worries you as well, then read on.

In this piece, I’ll give a very brief introduction to option number 2 — web3 proof-of-human services — for the non-crypto-pilled. Yes, I know, I know — nobody wants to read another piece about how “web3 fixes this.” But don’t close that tab!

Even if you hate crypto, it’s still worth acquainting yourself with just how much effort and money has gone into solving the precise problem Musk is worried about. Here are two relevant facts for the crypto-haters to consider before they bounce:

1. Digital identity is a critical, well-established front in the “centralization vs. decentralization” war. So, if you care about this fight, then this issue matters.
2. Recent advances in AI have fundamentally changed the digital ID terrain so that web 2.0 now has a problem that had previously been confined to web3 — i.e., how to do proof-of-human in a network where human nodes can be credibly impersonated at scale and at low marginal cost.

Proof-of-human is an early, fundamental web3 problem

One of the core distinctions crypto has vs. the traditional web is ubiquitous pseudonymity. Crypto types are super into the whole pseudonymous online persona thing.

Now, you may not care about pseudonymity, or you think it’s only for money launderers, dope peddlers, bootleggers, and prank callers. I get it, Boomer. But just bear with me for a moment because I promise I’m not trying to pseud-pill you — I’m just trying to help you understand why proof-of-human is such a longstanding web3 concern.

The de facto standard for identity on the current web (web2) is the email address plus password combination. To sign up for a new service, you usually supply these two items, and then you get a confirmation link in your email that you have to click to prove you’re the rightful owner of that email address.

The standard for identity on web3, in contrast, is the crypto address. This is a public address on a public blockchain — often Ethereum — that you have a private key for and can, therefore, prove ownership of.

Web3 identities, then, have the following qualities:

• Trivial and cost-free for a single person to create and use in bulk
• Impossible to link to a single person, company, or other entity
• Used for accounts on internet services that are web3-based
• Used for moving valuable assets around

You might say that in web3, every phone is a burner phone — there is no other kind. This is because it’s really easy to create new crypto addresses and use them as identities. You can do this locally by just creating a new public/private key pair in the correct format, and if you want to send some asset to that address (coins, NFTs), you can do that by interacting with the blockchain.

Obviously, this is a pretty treacherous combination of qualities that’s quite easy to abuse, even without any sort of advanced AI. If logging in to a web3-based service only requires a locally generated key pair, then a single, not very sophisticated person could spin up millions of these public/private key pairs on a laptop and use them to SPAM thousands of web3 applications with fake interactions using a few simple scripts. For instance, you could use this to manipulate DAO votes or abuse token-gated applications.

The point: At the very beginning of web3’s existence, the frictionless ease of essentially disposable bulk identity creation has meant that web3 services have had the very proof-of-human problems that are only now truly catching up to web2 in the AI era.

The web3 solutions

If you google “web3 proof of humanity,” you’ll get a ton of results. Everyone has ideas about how to do this, and many of the ideas are very good and practical.

• ProofOfHumanity.id
• BrightID
• Duniter
• World ID
• Upala
• Kleros (sort of ... it has ID as a component)
• Democracy Earth
• Humanity DAO

In addition, there are some web3 projects I’ve seen that have their own built-in solution for this that you use to access the service or community, and there are other web3 efforts where proof-of-human sort of happens as a side effect (POAP is a good example of the latter, and I think STEPN may be another in that proof-of-workout equals proof-of-humanity).

If anything, web3’s problem is that there are too many solutions for the PoH problem, and no one has settled on a standard. You’ll notice in the above list that there’s basically a marketplace for proof-of-human services that many web3 hustlers are hoping to dominate with their own solution.

Here’s a very brief list of some approaches:

• Scan your eyeball data into a creepy orb (i.e., WorldCoin).
• Multiple humans meet in person and give each other NFTs that essentially say, “I did an IRL thing with the person who controls this wallet.”
• Users upload videos of themselves answering questions or doing some required task.
• Users take cognitive tests that are still too hard for AIs.
• Users either vouch for or challenge each others’ humanity.
• The platform analyzes your social graph on some network and uses that as proof.
• The platform looks at your wallet for NFT credentials that it recognizes as normally only given out to real humans for doing a thing in the real world — e.g., an on-chain certificate granted by an institution or program, or an earned community participation token or status badge from an established web3 community.

None of these are scam-proof by themselves, so most PoH offerings will combine multiple approaches to give you some kind of score. But just to be clear on what this list is: These aren’t random ideas or shower thoughts that I or someone else thought might be kinda cool if only someone were to build it — no, there are (or, in some cases, have been) actual shipping products built around these ideas and more, some of them with thousands of users. This stuff literally exists courtesy of the now-busted (but steadily reflating) crypto bubble, and actual communities are testing it.

Again, the problem is the sheer variety of such PoH efforts and the lack of a clear standard or authority. If there were a kind of “LinkedIn” but for PoH (maybe LinkedIn itself could do this), where if you worked at a job with colleagues, you got an on-chain badge that says, “Jon Stokes definitely worked here doing this thing,” that would probably dominate. But there is no such Schelling point — yet.

We’ll probably go with option 3

I can already hear many of you asking, “Couldn’t we do all the ‘web3’ stuff you’re describing with a government-issued digital identity?” (I.e., option number 3 on the list in the first section of this piece.)

The answer is, “Yes, obviously.” And there are a number of country-level efforts to do exactly this, some of which involve the blockchain and some of which do not.

As I said in the intro, the people who want the government to handle this for them will probably get their way, eventually. But it should be clear that it doesn’t have to be this way.

We have a multitude of options for proof-of-human that don’t involve paying centralized service providers, whether private-sector platforms like X via subscription fees or governments via taxes. We should use them if we value our privacy and freedom.

And if we do decide on pay-to-play, there are privacy-preserving options like Bitcoin (either L1 or lightning network) that could be used by social media to filter for bots without wrecking pseudonymity.